CVE-2020-11492 PoC — Docker 竞争条件问题漏洞

Source

https://github.com/CrackerCat/CVE-2020-11492

Associated Vulnerability

Title:Docker 竞争条件问题漏洞 (CVE-2020-11492)
Description:Docker是美国Docker公司的一款开源的应用容器引擎。该产品支持在Linux系统上创建一个容器（轻量级虚拟机）并部署和运行应用程序，以及通过配置文件实现应用程序的自动化安装、部署和升级。Docker Desktop是Docker的桌面版。 Docker Desktop 2.2.0.5及之前版本（Windows）中存在安全漏洞。本地攻击者可利用该漏洞拦截来自Docker Service（以SYSTEM身份运行）的连接尝试，然后冒用其权限。

Readme

# CVE-2020-11492

Proof-of-Concept (PoC) for Docker Desktop for Windows privilege escalation vulnerability. This vulnerability was
patched in Docker version 2.3.0.2 on May 11th, 2020.

This PoC performs the following:

- creates a named pipe mimicking docker named pipe `\\.\\pipe\\dockerLifecycleServer`,
- call `ImpersonateNamedPipeClient` after connection from docker service,
- retrieve and duplicate the impersonated access token from the current thread,
- launch a new process with the token. The new process will run as `SYSTEM`.

# References
- https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/

File Snapshot


 [4.0K]  /data/pocs/bcf8d7e4b63441d4e2c019b0c0db6a7360bebee9
├── [4.0K]  CVE-2020-11492
│   ├── [3.7K]  CVE-2020-11492.cpp
│   ├── [7.2K]  CVE-2020-11492.vcxproj
│   └── [1.0K]  CVE-2020-11492.vcxproj.filters
├── [5.8M]  cve-2020-11492.gif
├── [1.4K]  CVE-2020-11492.sln
└── [ 650]  README.md

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!